Releases: Governikus/eidas-middleware
Release 4.0.1
This is the 4.0.1 Release of the eIDAS Middleware
Upgrade notes
This release does not require any database upgrade procedures when updating from version 3.3.0 or 3.4.0. If you are however upgrading from an earlier release than 3.3.0, you must execute the upgrade procedure for version 3.3.0. The steps are described in https://github.com/Governikus/eidas-middleware/releases/tag/3.3.0.
Changelog
- eIDAS Middleware: Restrict crypto algorithms to those allowed in TR-03116-4 (2025) and TR-02102-2 (2025)
- eIDAS Middleware: Fixed error when parsing a Defect List with id-CertReplaced element.
OVA File
Because of file size restrictions, the OVA file cannot be added directly to this release. You can download the file here:
https://upload.governikus.de/eidas-middleware/eidas-middleware-4.0.1.ova
The SHA-256 hash of the file is E52EC50FCBDE544EC9E04C77044617EB195FDC28E8DD1F375191D5E377C36685.
Release 4.0.0
This is the 4.0.0 Release of the eIDAS Middleware
Upgrade notes
The DVCA Service for the Restricted Identification is updated to version 1.4. This requires you to update the URL for the Restricted Identification Service in the DVCA configuration:
For test environments: https://dvca-r1.governikus-eid.de/gov_dvca/ri-service-140
For production environments: https://berca-p1.d-trust.net/ps/dvsd_v2/v1_4
This release does not require any database upgrade procedures when updating from version 3.3.0 or 3.4.0. If you are however upgrading from an earlier release than 3.3.0, you must execute the upgrade procedure for version 3.3.0. The steps are described in https://github.com/Governikus/eidas-middleware/releases/tag/3.3.0.
Changelog
- eIDAS Middleware: URL-Encode filenames for the block list files.
- eIDAS Middleware: Add SNMP endpoint to get TLS client cert expiration date.
- eIDAS Middleware: Do not abort startup on CRL initialization errors.
- eIDAS Middleware: The RI interface is now using version 1.40. The 1.10 version is no longer supported and the property to change the version is deleted. Breaking Change.
- eIDAS Middleware: Added keypair certificates in XML export without private keys.
- eIDAS Middleware: Fixed failing build caused by privileged port binding (linux) and failing tests: #35 by asbachb.
- eIDAS Middleware: Added a "Delete pending certificate request" button to the Admin UI. The button is located in the CVC Info Card under the Service Provider's details and is visible only when a pending certificate request is present.
- eIDAS Middleware: Added a "Delete current RSC" button to the Admin UI. The button is located in the RSC Actions card under the Service Provider's details and is visible only when a current RSC is present.
- eIDAS Middleware: Added new column "NextRscSequenceNumber" to "TerminalPermission" table. Please make sure to create a database backup before applying this update.
- eIDAS Middleware: Added new timer to optionally delete expired keys in the HSM
OVA File
Because of file size restrictions, the OVA file cannot be added directly to this release. You can download the file here:
https://upload.governikus.de/eidas-middleware/eidas-middleware-4.0.0.ova
The SHA-256 hash of the file is 0d800e4f3308cb613e3331da278e3311c2503db8f6fef1cb8f4f91387eb032ef.
Release 3.4.0
This is the 3.4.0 Release of the eIDAS Middleware
Upgrade notes
This release does not require any upgrade procedures when updating from version 3.3.0. If you are however upgrading from an earlier release than 3.3.0, you must execute the upgrade procedure for version 3.3.0. The steps are described in https://github.com/Governikus/eidas-middleware/releases/tag/3.3.0.
Changelog
- eIDAS Middleware: Add support for TLS 1.3
- eIDAS Middleware: Change minimal key length for TLS EC certificates to 250.
Also add a check for recommended named curves. - eIDAS Middleware: Change minimal key length for TLS DHE certificates to 3072.
- eIDAS Middleware: Change SAML method for key transport to RSA-OAEP.
- eIDAS Middleware: Remove SHA-1 cipher suites.
- eIDAS Middleware: Add warning and log if an RSA certificate with less than 3000 bits is used for TLS.
- eIDAS Middleware: CSR renewal will not use the current keypair.
Also use RSA 4096 instead of ECC. - eIDAS Middleware: Support only ‘unspecified’ as NameIdentifier.
- eIDAS Middleware: Change Integer objects to primitive ints in SNMPAgent: #31 by hduelme.
- eIDAS Middleware: Refactor character encoding method usage: #32 by hduelme.
- eIDAS Middleware: Remove checkCipherData: #34 by Al1c3-1337.
OVA File
Because of file size restrictions, the OVA file cannot be added directly to this release. You can download the file here:
https://upload.governikus.de/eidas-middleware/eidas-middleware-3.4.0.ova
The SHA-256 hash of the file is bfca009bc68420b9f9b92e6aced33a9bf9fb1ccbd83839a4b339f18110a85a95.
Release 3.2.1
This is the 3.2.1 Release of the eIDAS Middleware
Upgrade notes
In case you are upgrading from a 2.x release, please follow the instructions from https://github.com/Governikus/eidas-middleware/releases/tag/3.0.0.
Changelog
- eIDAS Middleware: Fix to support new generation of eID cards
OVA File
Because of file size restrictions, the OVA file cannot be added directly to this release. You can download the file here:
https://upload.governikus.de/eidas-middleware/eidas-middleware-3.2.1.ova
The SHA-256 hash of the file is d6962634f40542cac699fff4bd040c24d1d9051eb8eb9460dd15eec0beec8510.
Release 3.3.0
This is the 3.3.0 Release of the eIDAS Middleware
Upgrade notes
This version of the eIDAS Middleware uses the HSQLDB instead of the H2 database. To migrate your previous Middlewares to this version, use the database migration tool. The tool and the documentation is attached to this release.
In case you are upgrading from a 2.x release, please follow the instructions from https://github.com/Governikus/eidas-middleware/releases/tag/3.0.0. The upgrade to to 3.3.0 is supported from the versions 3.0.2, 3.1.3 and 3.2.0.
Changelog
- eIDAS Middleware: Database change from H2 to HSQL - breaking change
- Database Migration Tool: Tool for migration between H2 and HSQL
- eIDAS Middleware: Add functionality of TR-03129-1.40 - breaking change
- eIDAS Middleware: Store Block Lists in file system instead of database, use copy in memory for fast access.
- eIDAS Middleware: Add automatic entanglement of the TLS server certificate with the CVC
- eIDAS Middleware: Add automatic renewal of Request Signer Certificate
- eIDAS Middleware: Add automatic renewal of the TLS client certificate (at the time of publication only available in the test environment)
- eIDAS Middleware: Remove dashboard page and set status page as landing page
- eIDAS Middleware: Add timer history
- eIDAS Middleware: Improved logging
- eIDAS Middleware: Updated VM image to Debian 12 and Java 17.0.10
OVA File
Because of file size restrictions, the OVA file cannot be added directly to this release. You can download the file here:
https://upload.governikus.de/eidas-middleware/eidas-middleware-3.3.0.ova
The SHA-256 hash of the file is 0bf6697490b4742c869ca17ccf44d51fd6be3b38f10b15484f275d600f66710b.
Release 3.2.0
This is the 3.2.0 Release of the eIDAS Middleware
Upgrade notes
In case you are upgrading from a 2.x release, please follow the instructions from https://github.com/Governikus/eidas-middleware/releases/tag/3.0.0.
Changelog
- All components: Update to Java 17.
- All components: Update to Spring Boot 3.1.
- eIDAS Middleware: Fix use of P12 keystores for TLS keys.
- eIDAS Middleware: Fix display of CVC availability on the status page.
- eIDAS Middleware: Remove deprecated configuration parts in the documentation.
- eIDAS Middleware: Only accept specified cryptographic algorithms and elliptic curve parameters.
- eIDAS Middleware: Fix generation of sequence number after an initial CVC request.
- eIDAS Middleware: Improve form validation for initial CVC request.
- eIDAS Middleware & Demo: Update new references to the German eID client.
OVA File
Because of file size restrictions, the OVA file cannot be added directly to this release. You can download the file here:
https://cloud.governikus.de/index.php/s/P6d3Z3L8xtGgQGX
Release 3.1.3
This is the 3.1.3 Release of the eIDAS Middleware
Upgrade notes
In case you are upgrading from a 2.x release, please follow the instructions from https://github.com/Governikus/eidas-middleware/releases/tag/3.0.0.
Changelog
- eIDAS Middleware: Fix CVEs by updating affected libraries, most notably Tomcat.
OVA File
Because of file size restrictions, the OVA file cannot be added directly to this release. You can download the file here:
https://cloud.governikus.de/index.php/s/Po6G9zQ8Ht5RSZM
Release 3.1.2
This is the 3.1.2 Release of the eIDAS Middleware
Upgrade notes
In case you are upgrading from a 2.x release, please follow the instructions from https://github.com/Governikus/eidas-middleware/releases/tag/3.0.0.
Changelog
- eIDAS Middleware: Fix CVEs by updating affected libraries, most notably xmlsec.
OVA File
Because of file size restrictions, the OVA file cannot be added directly to this release. You can download the file here:
https://cloud.governikus.de/index.php/s/H9RJH36L6fjddqT
Release 3.0.2
This is the 3.0.2 Release of the eIDAS Middleware
Upgrade notes
In case you are upgrading from a 2.x release, please follow the instructions from https://github.com/Governikus/eidas-middleware/releases/tag/3.0.0.
Changelog
- eIDAS Middleware: Fix CVEs by updating affected libraries, most notably xmlsec.
OVA File
Because of file size restrictions, the OVA file cannot be added directly to this release. You can download the file here:
https://cloud.governikus.de/index.php/s/3QFBRnAsyB7A4dq
Release 2.2.9
This is the 2.2.9 Release of the eIDAS Middleware
Changelog
- eIDAS Middleware: Fix CVEs by updating affected libraries, most notably xmlsec.
OVA File
Because of file size restrictions, the OVA file cannot be added directly to this release. You can download the file here:
https://cloud.governikus.de/index.php/s/j27W2gbRJGpCbqP